Surveyz is committed to complying with the Protection of Personal Information Act, No. 4 of 2013 (POPIA) and its Regulations. This notice explains how we fulfil our obligations under POPIA and how we protect the personal information of our customers, survey respondents, and visitors.
This notice applies to all personal information processed by Surveyz in the course of providing its survey platform services within the Republic of South Africa, and to the processing of personal information of South African data subjects wherever such processing occurs.
This notice is intended for external communication; Surveyz’s internal POPIA compliance policy and procedures set out additional operational and technical measures and governance processes applicable to our personnel and service providers.
The Company is the “Responsible Party” and is responsible for your personal data when we decide the processing operations of your personal data.
We have appointed an information officer at the Company who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our information officer using the details set out below.
FusionSys Technologies (Pty) Ltd (trading as Surveyz)
Company registration: 2026/336607/07
Registered address: 19 Collings Road, Oostersee, Parow, Cape Town, 7500, Western Cape
Information Officer: Taurique Toufique Toffie
Email: [email protected]
Registered with the Information Regulator: 13 May 2026
Our Information Officer is responsible for ensuring compliance with POPIA across all personal information processing activities. You have the right to make a complaint at any time to the Information Regulator’s Office. We would, however, appreciate the chance to deal with your concerns before you approach any such supervisory authority, so please contact us in the first instance.
We process personal information only when we have a lawful ground under POPIA Section 11, including:
Personal data, or personally identifiable information, means any information about an individual, both natural and juristic entities (people and companies), from which that entity can be identified. It does not include information where the identity has been removed (anonymous data).
We may collect, use, store, and transfer (“process”) different kinds of personal data about you which we have grouped together as follows:
We also collect information in a form that does not, on its own, permit direct association with any specific individual such as occupation, language, zip/area code, location, time zone, etc. We may collect, use, transfer, and disclose non-personal information for any purpose. This information is aggregated and used to help us provide more useful information to our customers and to understand which portions of Services are of most interest. This aggregated data is considered non personal information for the purposes of this Privacy Notice.
We may also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.
Surveyz may generate and use aggregated, anonymised or de-identified data derived from Customers’ and Respondents’ use of the Services for legitimate business purposes (including analytics, reporting, security, service improvement, product development, benchmarking and statistical analysis), provided it does not identify, and cannot reasonably be used to identify, any Customer, Respondent or individual. Surveyz will not disclose such data in a way that identifies any Customer, Respondent or Personal Information.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to suspend your use of our services but we will notify you if this is the case at the time.
The Platform may include links to third-party websites, plug-ins, and extensions. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third-party websites and are not responsible for their privacy statements or terms. When you leave our Platform, or engage with such third parties, we encourage you to read the distinct privacy policy of every third-party you engage with. The Company does not accept any responsibility or liability for your use of such third-party websites, plug-ins and extensions, nor for the privacy policies and practices of the owners or operators of them.
We collect personal information only for specific, explicitly defined, and lawful purposes. We will not process personal information in a manner incompatible with the purpose for which it was collected.
Direct Interactions: You may give us personal data by using our Services, or by corresponding with us through the website, by email or otherwise.
This includes personal data you provide when you:
Automated technologies or interactions: As you interact with our Platform, we may automatically collect Technical Data and Usage Data about your device. We may collect this personal data by using cookies, server logs and other similar technologies.
Third parties: We may receive personal data about you from various third parties such as:
We will only process personal data under one or more of the following lawful bases:
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules and where required or permitted by law.
We will use your personal data only for the purposes for which we collected it, including the following:
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do
We may disclose your personal information to third parties only where necessary for the purposes described in this Privacy Policy, where we have a lawful ground under POPIA, and subject to appropriate safeguards.
The categories of recipients with whom we may share personal information include:
When we engage operators to process personal information on our behalf, we require them to process such information only on our documented instructions, to implement appropriate technical and organisational security safeguards, and to assist us (where applicable) with POPIA compliance obligations. Where an operator engages another operator (a sub-operator) to process personal information, we require appropriate contractual safeguards to ensure equivalent protection.
We do not sell personal information to third parties.
Under POPIA, you have the following rights regarding your personal information:
To exercise any of these rights, email our Information Officer at [email protected]. We will respond within 30 days as required by POPIA.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Users with citizenships from jurisdictions other than South Africa, please note that we comply with South African data protection laws when processing your personal data. Should foreign law be applicable to your use of our services and/or the Platform in any way, including how we may process your personal data, please contact us and we will gladly engage with you on your rights.
We are committed to keeping your personal information secure. The security of your personal information is important to us and we utilise physical, electronic and procedural safeguards designed to protect personal information under our control against loss, misuse, interference and unauthorised access, disclosure, alteration or destruction.
Our measures include:
No method of transmission over the Internet, and no method of electronic storage, is completely secure. While we take reasonable steps to protect your personal information, we cannot guarantee its absolute security and any transmission of personal information to us is at your own risk.
In the event of a security compromise involving personal information, we will notify the Information Regulator and affected data subjects as required under POPIA Section 22.
Our platform is hosted on Microsoft Azure infrastructure in the South Africa North region (Johannesburg). Some service providers (e.g., authentication services, email delivery) and other operators we use to provide our Platform and services (such as analytics providers, payment service providers, marketing platforms, and customer support tools) may process personal information outside South Africa, in each case only to the extent necessary for the relevant services.
Where personal information is transferred outside South Africa, we ensure such transfers comply with POPIA Section 72, including that the receiving country provides an adequate level of protection, or that appropriate safeguards are in place via contractual arrangements. The key third-party service providers we currently use include Cloudflare, Google, Microsoft, LinkedIn, Meta and Anthropic. This is not a closed or exhaustive list and may be updated from time to time.
We will only retain your personal data for as long as necessary to fulfil the purpose we collected it for, including any legal, accounting, or reporting requirements. We may also anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Our retention periods:
You may request deletion of your personal information at any time, subject to any overriding legal retention obligations.
Our Service is not directed at children under the age of 18. We do not knowingly collect personal information from children without verifiable parental or guardian consent. Surveys that target minors must comply with POPIA's special provisions on processing children's personal information (Section 34–35). Account holders creating surveys for minors are responsible for obtaining appropriate consent.
If you have concerns about how we handle your personal information, please contact our Information Officer first:
Information Officer
Email: [email protected]
We aim to resolve all complaints within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Information Regulator of South Africa:
Information Regulator (South Africa)